"Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures. The security defects "allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags," Oligo Security said in a report shared with The Hacker News. Successful exploitation of the flaws could enable attackers to disrupt cloud services, manipulate data, and burrow deeper into cloud and Kubernetes infrastructure."
"CVE-2025-12972 - A path traversal vulnerability stemming from the use of unsanitized tag values to generate output filenames, making it possible to write or overwrite arbitrary files on disk, enabling log tampering and remote code execution. CVE-2025-12970 - A stack buffer overflow vulnerability in the Docker Metrics input plugin (in_docker) that could allow attackers to trigger code execution or crash the agent by creating containers with excessively long names."
"CVE-2025-12978 - A vulnerability in the tag-matching logic lets attackers spoof trusted tags - which are assigned to every event ingested by Fluent Bit - by guessing only the first character of a Tag_Key, allowing an attacker to reroute logs, bypass filters, and inject malicious or misleading records under trusted tags. CVE-2025-12977 - An improper input validation of tags derived from user-controlled fields, allowing an attacker to inject newlines, traversal sequences, and control characters that can corrupt downstream logs."
Five vulnerabilities in Fluent Bit can be chained to compromise and take over cloud infrastructures. The defects enable authentication bypass, path traversal, remote code execution, denial-of-service conditions, and tag manipulation. Specific issues include unsanitized tag values that allow arbitrary file write and log tampering (CVE-2025-12972); a stack buffer overflow in the Docker Metrics input (CVE-2025-12970); tag-matching logic that permits trusted-tag spoofing (CVE-2025-12978); improper validation of user-derived tags allowing control characters and traversal injection (CVE-2025-12977); and missing authentication in the in_forward plugin (CVE-2025-12969). Exploitation can disrupt services, manipulate telemetry, and deepen access into cloud and Kubernetes environments.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]